urlscan.io logo urlscan.io
SecurityTrails logo

sec.windcave.com Open in urlscan Pro
104.18.25.148  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://sec.paymentexpress.com/
Effective URL: https://sec.windcave.com/pxmi3/logon
Submission: On September 25 via manual from US — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 11 HTTP transactions. The main IP is 104.18.25.148, located in and belongs to CLOUDFLARENET, US. The main domain is sec.windcave.com. The Cisco Umbrella rank of the primary domain is 241937.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on January 16th 2024. Valid for: a year.
This is the only time sec.windcave.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 104.18.4.225 13335 (CLOUDFLAR...)
11 104.18.25.148 13335 (CLOUDFLAR...)
11 1
Apex Domain
Subdomains		 Transfer
11 windcave.com
sec.windcave.com — Cisco Umbrella Rank: 241937
158 KB
2 paymentexpress.com
sec.paymentexpress.com — Cisco Umbrella Rank: 170095
471 B
11 2
Domain Requested by
11 sec.windcave.com sec.windcave.com
2 sec.paymentexpress.com 2 redirects
11 2

This site contains links to these domains. Also see Links.

Domain
www.windcave.com
Subject Issuer Validity Valid
*.windcave.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-01-16 -
2025-02-15		 a year crt.sh

This page contains 1 frames:

Primary Page: https://sec.windcave.com/pxmi3/logon
Frame ID: 8A419FBC25A7C620E2F555365EF6501B
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Windcave

Page URL History Show full URLs

  1. http://sec.paymentexpress.com/ HTTP 307
    https://sec.paymentexpress.com/ HTTP 301
    https://sec.windcave.com/pxmi3/logon HTTP 307
    http://sec.paymentexpress.com/ HTTP 307
    https://sec.paymentexpress.com/ HTTP 301
    https://sec.windcave.com/pxmi3/logon Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

158 kB
Transfer

446 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://sec.paymentexpress.com/ HTTP 307
    https://sec.paymentexpress.com/ HTTP 301
    https://sec.windcave.com/pxmi3/logon HTTP 307
    http://sec.paymentexpress.com/ HTTP 307
    https://sec.paymentexpress.com/ HTTP 301
    https://sec.windcave.com/pxmi3/logon Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request logon
sec.windcave.com/pxmi3/
Redirect Chain
  • http://sec.paymentexpress.com/
  • https://sec.paymentexpress.com/
  • https://sec.windcave.com/pxmi3/logon
  • http://sec.paymentexpress.com/
  • https://sec.paymentexpress.com/
  • https://sec.windcave.com/pxmi3/logon
12 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sec.windcave.com/pxmi3/logon
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.25.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc12f57962502e2c28454fd8effafc4365b52cb642af66c1c825f4a8d16a9869
Security Headers
Name Value
Content-Security-Policy base-uri 'self';connect-src https://sec.paymentexpress.com https://sec.windcave.com 'self';default-src 'none';font-src https://sec.paymentexpress.com https://sec.windcave.com 'self';form-action https://sec.paymentexpress.com https://sec.windcave.com 'self' https://a2a.paymentexpress.com https://a2a.windcave.com;frame-ancestors 'none';frame-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:;img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:;script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' 'nonce-r2JS18Ff1W2mrpIXqP2Gyw==' ;style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' 'nonce-r2JS18Ff1W2mrpIXqP2Gyw==' ;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Security-Policy base-uri 'self';connect-src https://sec.paymentexpress.com https://sec.windcave.com 'self';default-src 'none';font-src https://sec.paymentexpress.com https://sec.windcave.com 'self';form-action https://sec.paymentexpress.com https://sec.windcave.com 'self' https://a2a.paymentexpress.com https://a2a.windcave.com;frame-ancestors 'none';frame-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:;img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:;script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' 'nonce-r2JS18Ff1W2mrpIXqP2Gyw==' ;style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' 'nonce-r2JS18Ff1W2mrpIXqP2Gyw==' ;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
no-cache,no-store
cf-cache-status
DYNAMIC
cf-ray
8c8c36a989d70d6e-MXP
content-encoding
gzip
content-security-policy
base-uri 'self';connect-src https://sec.paymentexpress.com https://sec.windcave.com 'self';default-src 'none';font-src https://sec.paymentexpress.com https://sec.windcave.com 'self';form-action https://sec.paymentexpress.com https://sec.windcave.com 'self' https://a2a.paymentexpress.com https://a2a.windcave.com;frame-ancestors 'none';frame-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:;img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:;script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' 'nonce-r2JS18Ff1W2mrpIXqP2Gyw==' ;style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' 'nonce-r2JS18Ff1W2mrpIXqP2Gyw==' ;
content-type
text/html
date
Wed, 25 Sep 2024 15:58:04 GMT
expires
0
frame-options
deny
pragma
no-cache
server
cloudflare
strict-transport-security
max-age=16070400; includeSubDomains
vary
Accept-Encoding
x-aspnet-version
x-content-security-policy
base-uri 'self';connect-src https://sec.paymentexpress.com https://sec.windcave.com 'self';default-src 'none';font-src https://sec.paymentexpress.com https://sec.windcave.com 'self';form-action https://sec.paymentexpress.com https://sec.windcave.com 'self' https://a2a.paymentexpress.com https://a2a.windcave.com;frame-ancestors 'none';frame-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:;img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:;script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' 'nonce-r2JS18Ff1W2mrpIXqP2Gyw==' ;style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' 'nonce-r2JS18Ff1W2mrpIXqP2Gyw==' ;
x-content-type-options
nosniff
x-frame-options
deny
x-powered-by
x-xss-protection
1; mode=block

Redirect headers

cf-cache-status
DYNAMIC
cf-ray
8c8c36a01d220d6c-MXP
content-type
text/html; charset=UTF-8
date
Wed, 25 Sep 2024 15:58:03 GMT
location
https://sec.windcave.com/pxmi3/logon
server
cloudflare
x-aspnet-version
x-powered-by
30074
sec.windcave.com/pxmi3/ 		32 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sec.windcave.com/pxmi3/30074
Requested by
Host: sec.windcave.com
URL: https://sec.windcave.com/pxmi3/logon
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.25.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99a0961bca6f5487452fc4f7f61950aa20ed824d9f34cc970fbb60e2eebb82db
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sec.windcave.com/pxmi3/logon

Response headers

frame-options
deny
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
"1408248938"
x-content-type-options
nosniff
expires
Wed, 25 Sep 2024 15:58:06 GMT
date
Wed, 25 Sep 2024 15:58:06 GMT
content-type
text/css
vary
Accept-Encoding
x-frame-options
deny
strict-transport-security
max-age=16070400; includeSubDomains
cache-control
no-transform,public
x-aspnet-version
cf-ray
8c8c36b50ae90d6e-MXP
content-length
8781
x-xss-protection
1; mode=block
x-powered-by
server
cloudflare
0205_0002
sec.windcave.com/pxmi3/ 		86 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sec.windcave.com/pxmi3/0205_0002
Requested by
Host: sec.windcave.com
URL: https://sec.windcave.com/pxmi3/logon
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.25.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9bd314ac959ffa4ef5f0c05fc8633f4598e0d39c676f6f2687a107b8d644549d
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sec.windcave.com/pxmi3/logon

Response headers

frame-options
deny
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
"1411522568"
x-content-type-options
nosniff
expires
Wed, 25 Sep 2024 15:58:05 GMT
date
Wed, 25 Sep 2024 15:58:06 GMT
content-type
text/css
vary
Accept-Encoding
x-frame-options
deny
strict-transport-security
max-age=16070400; includeSubDomains
cache-control
no-transform,public
x-aspnet-version
cf-ray
8c8c36b50aed0d6e-MXP
content-length
20714
x-xss-protection
1; mode=block
x-powered-by
server
cloudflare
jquery-3.5.1.js
sec.windcave.com/js/ 		87 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sec.windcave.com/js/jquery-3.5.1.js
Requested by
Host: sec.windcave.com
URL: https://sec.windcave.com/pxmi3/logon
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.25.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sec.windcave.com/pxmi3/logon

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
"06979ca8382d71:0"
expires
Wed, 25 Sep 2024 19:58:05 GMT
date
Wed, 25 Sep 2024 15:58:05 GMT
content-type
application/javascript
last-modified
Tue, 27 Jul 2021 01:07:38 GMT
vary
Accept-Encoding
strict-transport-security
max-age=16070400; includeSubDomains
cache-control
public, max-age=14400
x-aspnet-version
cf-ray
8c8c36b50af00d6e-MXP
accept-ranges
bytes
content-length
39738
x-powered-by
server
cloudflare
0305_0001
sec.windcave.com/pxmi3/ 		183 KB
57 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sec.windcave.com/pxmi3/0305_0001
Requested by
Host: sec.windcave.com
URL: https://sec.windcave.com/pxmi3/logon
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.25.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f533a48b0d9c31d8d37e28793feb1bbba445134bacb673d7aa8fabde2a75f91a
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sec.windcave.com/pxmi3/logon

Response headers

frame-options
deny
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
"1411522566"
x-content-type-options
nosniff
expires
Wed, 25 Sep 2024 15:58:06 GMT
date
Wed, 25 Sep 2024 15:58:06 GMT
content-type
text/javascript
vary
Accept-Encoding
x-frame-options
deny
strict-transport-security
max-age=16070400; includeSubDomains
cache-control
no-transform,public
x-aspnet-version
cf-ray
8c8c36b50af40d6e-MXP
content-length
58724
x-xss-protection
1; mode=block
x-powered-by
server
cloudflare
0306_0001
sec.windcave.com/pxmi3/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sec.windcave.com/pxmi3/0306_0001
Requested by
Host: sec.windcave.com
URL: https://sec.windcave.com/pxmi3/logon
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.25.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a7d33e5864602852bcd52fba25fdeed2e94f8230932936441e1ab948cc482a8
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sec.windcave.com/pxmi3/logon

Response headers

frame-options
deny
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
"1411522570"
x-content-type-options
nosniff
expires
Wed, 25 Sep 2024 15:58:07 GMT
date
Wed, 25 Sep 2024 15:58:07 GMT
content-type
text/javascript
vary
Accept-Encoding
x-frame-options
deny
strict-transport-security
max-age=16070400; includeSubDomains
cache-control
no-transform,public
x-aspnet-version
cf-ray
8c8c36b50af60d6e-MXP
content-length
4827
x-xss-protection
1; mode=block
x-powered-by
server
cloudflare
0308_0001
sec.windcave.com/pxmi3/ 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sec.windcave.com/pxmi3/0308_0001
Requested by
Host: sec.windcave.com
URL: https://sec.windcave.com/pxmi3/logon
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.25.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a72b442ce65da04c8f7e497674d73edae9a300e6616311ff89c4c911209d99bb
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sec.windcave.com/pxmi3/logon

Response headers

frame-options
deny
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
"1411522596"
x-content-type-options
nosniff
expires
Wed, 25 Sep 2024 15:58:06 GMT
date
Wed, 25 Sep 2024 15:58:06 GMT
content-type
text/javascript
vary
Accept-Encoding
x-frame-options
deny
strict-transport-security
max-age=16070400; includeSubDomains
cache-control
no-transform,public
x-aspnet-version
cf-ray
8c8c36b50af90d6e-MXP
content-length
6410
x-xss-protection
1; mode=block
x-powered-by
server
cloudflare
logo.png
sec.windcave.com/pxmi/images/ 		12 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sec.windcave.com/pxmi/images/logo.png
Requested by
Host: sec.windcave.com
URL: https://sec.windcave.com/pxmi3/0205_0002
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.25.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0e2efdd6bb1a8d7b34f0e3b9064821a6fbeed222808948e2b773c9f7119640e
Security Headers
Name Value
Content-Security-Policy default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Security-Policy default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sec.windcave.com/pxmi3/0205_0002

Response headers

frame-options
deny
cf-cache-status
HIT
etag
"0513cee6146d51:0"
age
2624
x-content-type-options
nosniff
expires
Wed, 25 Sep 2024 19:58:07 GMT
date
Wed, 25 Sep 2024 15:58:07 GMT
content-type
image/png
last-modified
Mon, 29 Jul 2019 23:04:10 GMT
vary
Accept-Encoding
x-frame-options
deny
strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
cache-control
public, max-age=14400
x-aspnet-version
x-content-security-policy
default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
cf-ray
8c8c36c36e090d6e-MXP
accept-ranges
bytes
content-length
12158
x-xss-protection
1; mode=block
x-powered-by
server
cloudflare
user-login.png
sec.windcave.com/pxmi/images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sec.windcave.com/pxmi/images/user-login.png
Requested by
Host: sec.windcave.com
URL: https://sec.windcave.com/pxmi3/0205_0002
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.25.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
51588a6e1999b9b47ffec9deca61ec9ac3d1f01f19edd109a8f662077166686e
Security Headers
Name Value
Content-Security-Policy default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Security-Policy default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sec.windcave.com/pxmi3/0205_0002

Response headers

frame-options
deny
cf-cache-status
HIT
etag
"0a36e36283ed21:0"
x-content-type-options
nosniff
expires
Wed, 25 Sep 2024 19:58:07 GMT
date
Wed, 25 Sep 2024 15:58:07 GMT
content-type
image/png
last-modified
Mon, 14 Nov 2016 03:35:58 GMT
vary
Accept-Encoding
x-frame-options
deny
strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
cache-control
public, max-age=14400
x-aspnet-version
x-content-security-policy
default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
cf-ray
8c8c36c36e0b0d6e-MXP
accept-ranges
bytes
content-length
1158
x-xss-protection
1; mode=block
x-powered-by
server
cloudflare
password-login.png
sec.windcave.com/pxmi/images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sec.windcave.com/pxmi/images/password-login.png
Requested by
Host: sec.windcave.com
URL: https://sec.windcave.com/pxmi3/0205_0002
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.25.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ebb9c1557ada9a243b5ea9c85fac1a302cfbc40cbffcd762023ef5c2da9c719
Security Headers
Name Value
Content-Security-Policy default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Security-Policy default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sec.windcave.com/pxmi3/0205_0002

Response headers

frame-options
deny
cf-cache-status
HIT
etag
"0a36e36283ed21:0"
x-content-type-options
nosniff
expires
Wed, 25 Sep 2024 19:58:07 GMT
date
Wed, 25 Sep 2024 15:58:07 GMT
content-type
image/png
last-modified
Mon, 14 Nov 2016 03:35:58 GMT
vary
Accept-Encoding
x-frame-options
deny
strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
cache-control
public, max-age=14400
x-aspnet-version
x-content-security-policy
default-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:; script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' data:; img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:
cf-ray
8c8c36c36e100d6e-MXP
accept-ranges
bytes
content-length
1241
x-xss-protection
1; mode=block
x-powered-by
server
cloudflare
favicon.ico
sec.windcave.com/ 		567 B
742 B 		Other
General
Check archive.org
Download Go to
Full URL
https://sec.windcave.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.25.148 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
309eee0fdf07a9a8f9d3cbe27ced730fcf2c9017fb629dfe53a51d73d87b6978
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://sec.windcave.com/pxmi3/logon

Response headers

strict-transport-security
max-age=16070400; includeSubDomains
cache-control
public, max-age=14400
x-aspnet-version
content-encoding
gzip
cf-cache-status
HIT
etag
W/"10f86cdb534ed51:0"
age
77
cf-ray
8c8c36c80c800d6e-MXP
expires
Wed, 25 Sep 2024 19:58:08 GMT
date
Wed, 25 Sep 2024 15:58:08 GMT
content-type
image/x-icon
last-modified
Fri, 09 Aug 2019 01:43:34 GMT
x-powered-by
server
cloudflare
vary
Accept-Encoding

Verdicts & Comments Add Verdict or Comment

280 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| __PageParameter function| PxHackNav function| $ function| jQuery function| isIE10OrOlder function| isIE11 function| isIOS function| makeASCIIOnly function| makeCardNumber function| validateDomainName function| updateCardNumberInputConstraint function| makePhoneNumber function| makeIRDNumber function| CheckIRDNumberWithSpaces function| makeBankAccountNumber function| CheckRequirement function| CheckLuhn function| CheckLuhnWithSpaces function| IsThereALuhnPresent function| EnsureAlphanumeric function| EnsureAlphanumericWithPotentialSpaces function| EnsureDigits function| CleanupCardholderName function| ValidateCardHolderName function| ResetFieldsetControls function| isMasterCard function| isJCBCard function| isVisaCard function| isAmexCard function| isDiscoverCard function| ValidateCvc2 function| PxValidateIpAddressElement function| PxValidateIpAddressElementFromString function| PxValidateIpV6AddressElement function| PxRemovePxPayInternalFields function| PxValidateBankAccount function| PasteMultiBox function| RemoveContent function| InsertContent function| GetXmlHttpObject function| TriggerSearchInputChangeEvent function| ShowSearchUiItemList function| makeUnique function| PxClearDropList function| PxIsInsideHiddenTab function| PxDisableAndHideInput function| PxEnableAndShowInput function| FilterDroplist object| referenceFilterCustomResponseHandlers function| FilterTextInput function| PxOnXmlHttpObjectStateChanged object| searchPanelInfo function| PxInitialSearchButtonId function| PxSubmitSearch function| PxUpdateSortOrderForColumnHeader function| PxOnClickSortableColumnHeader function| PxOnClickSortableColumnHeaderAjax function| PxNormalizeSortOrderTex function| PxGetSortOrder function| PxInitialSortableColumnHeader function| ConvertTxnDateTimeToLocalTime function| PxSelectNextAvailable function| PxValidateDate function| PxValidateDateRange function| PxChangeSortOrder function| PxDoNavSubmit2 function| PxDoNavSubmit3 function| rowCountSelected function| rowCountSelectedAjax function| processTableFooterRowInput function| processTableFooterRowInputAjax function| PxCreateHiddenInput function| PxEmbedAdditionalValues function| PxOnClick function| PxResetSortOrder function| PxShowMenu function| PxToggleMenu function| PxHide boolean| isNN object| filter function| IsNumericKey function| PxNumericKeyDown function| PxSanitizeNumericValue function| NumbersOnly function| NumbersOnlyWithMaxLength function| IsEnterKey function| getIndex function| NumbersOnlyPointTabs function| HexOnlyPointTabs function| MaxLengthTabs function| containsElement function| AutoTabPoint function| AutoTab function| PxChangeAction function| PxShow function| PxAskForConfirmation function| PxAskForConfirmationInputAuditText string| searchOptionNoResultsFound function| PxAssignPosition function| PxCheckSearchValueValid function| PxCheckDroplistValueValid function| PxCheckGroupSelected function| FinalizeSelectedListOption function| PxSearchOptionSelected function| PxInputChanged function| PxCancelConfirmation function| PxGetClipboardData function| PxNumericOnlyPasteHandler function| PxShowTabWithElement function| PxShowTab function| PxShowInvalidTab function| PxCheckIsItemSelected function| PxCheckIsEmptySelected function| SessionTimeoutAlert function| OpenSessionTimeoutAlert function| StartSessionTimeoutTimer function| PxValidateBlankInput function| PxFieldInvalidStyle function| PxCheckBlankSpace function| PxValidateForm1 function| PxValidateCaptcha function| PxIsCaptchaIgnoredSubmit function| PxIsCaptchaCorrect function| PxCheckIsPageInframe function| PxIsPageInframe function| PxFieldInvalidStyleHandler function| PxSetCurrentTab function| PxSubmitCurrentTab function| PxResetForm function| PxClearForm function| PxClickAndDisable function| PxCheckForAndHandleSubmission function| PxAddStat function| PxAddStatWithTime function| PxAddFP function| PxQuickSearchPaddingZero function| PxIsQuickSearchInputValid function| PxQuickSearchOnSubmit function| PxSetIconOnElement function| PxSetElementStyle function| PxCreateCardTypeLogo function| PxSetCardtypeLogo function| PxOnCurrencyChange function| PxOnYearExpiryChange function| getDivider function| PxOnFileChange function| PxOnInvalid function| getAllSelectors function| selectorExists function| PxShowOpaqueScreen function| PxHideOpaqueScreen function| PxTruncateByMaxBytes function| byteLength function| PxHandleUploadFileResponse function| PxRenderTables function| PxRenderJsonTableContent function| PxRenderTableContent function| PxOnTableNaviButtonClicked function| PxOnTableLoadButtonClicked function| PxOnAjaxTableLoad function| PxAjaxTableShowInstructions function| PxHandleAjaxTableOnDemandLoading function| PxRenderMenuOrderTableBody function| PxReportValidation function| PxOnDocumentReady function| PxSelectAll function| PxSelectOne function| PxMatch function| PxBindEvent function| PxUnBindEvent function| PxTriggerEvent function| PxOnEvent function| PxRemoveClass function| PxAddClass function| PxCreateElement function| PxGetScript function| PxGenerateRandomText function| PxNotifyJQueryWarnings function| PxRefreshLogonSession function| PxGetCurrentUrlParameter function| PxStartInlineSpinner function| PxStopInlineSpinner function| FindIndexInArray function| PxStartJob function| PxFinishJob function| PxClearJobs function| PxIsSubmissionBlocked function| PxAddBlockingTask function| PxRemoveBlockingTask function| PxIsResizeAvailable function| PxGetFileExtension function| PxRemoveElemById function| PxPrepareImage function| PxResizeImage function| PxCleanupImages function| PxGetLengthOfStringWithLineBreak function| PxIsElementHidden function| PxBindItemOnEvent function| PxValidateBlankDateTime function| PxHandleEntitiesInput function| PxHasInvalidInputValue function| PxSearchFilterValidation function| PxOnSearchWithFilterCheck function| PxSendErrorLog function| PxSetInlineError function| PxSetupInlineErrorEx function| PxSetupInlineError function| PxStartButtonSpinner function| PxStopButtonSpinner function| PxCollapsePanel function| PxExpandPanel function| PxDisableCollapsing function| PxEnableCollapsing function| PxTriggerSearchWithValidation function| PxOnSearchTriggered function| PxOnSearchStart function| PxOnSearchEnd function| PxInitNotificationElements function| PxHandleNotifications function| PxPostNotification function| PxHanldeAjaxUpdateResponse function| PxOnUpdateTriggered function| PxGetElementByName function| PxFindInArray function| PxHideRadioPanel function| PxShowRadioPanel function| PxUpdateRadioSelectorVisibility function| PxSetActiveRadioButton function| PxHideRadioButtons function| PxShowRadioButtons function| PxGetVisibleRadioButtonsCount function| PxUpdateRadioButtonSelectionState function| PxIsMainCssPresent function| addPhoneStaticPrefix function| CreateAjaxInputData function| PxGenerateReferenceValueKey function| PxSearchInputAddCache function| PxSearchInputMatchCache object| AjaxInputDataContainer function| PxAjaxInputIssueRequest function| PxAjaxInputOnResponse function| PxValidateReceiptEmail function| PxOnShowOrHidePassword object| __pxStats function| PxTime object| PxInlineSpinner object| PxBlockingTasks object| PxElementsToClearOnSubmission object| NotificationQueue function| PxOnKeyUpDynamic function| GetReferenceFilterValuesDynamic function| PxOnSearchKeyUpDynamic function| PxOnTextInputKeyUpDynamic function| PxOnKeyUp function| PxOnSearchKeyUp function| PxOnTextInputKeyUp function| PxDoDroplistReferencing function| PxInvalidateItem function| PxAjaxPost function| PxOnSearchInputBlur function| PxOnSearchInputKeyDown function| PxOnSearchInputPaste object| referenceFilterCustomRequestHandlers function| GetReferenceFilterValues function| PxOnSearchDynamic function| PxOnUpdateDynamic function| CollectFormInputIntoJsonIE11 function| CollectFormInputIntoJson function| PxRestartTimeoutTimerOnAjaxRequest function| PxUploadFileAjax function| tabberObj function| tabberAutomatic function| tabberAutomaticOnLoad function| PxOnLoad object| antiClickjack function| LogonOnload function| AdjustFooter function| UpdateBackupCode function| PxValidate function| PxOnSubmit

2 Cookies

Domain/Path Name / Value
sec.paymentexpress.com/ Name: __cflb
Value: 0H28vmkvPZ72JMPUTsST6bexCkvgMCFYVfzVJGT2teG
sec.windcave.com/ Name: __cflb
Value: 02DiuDygeBvaHtE7vhpzbjtzi6L23WkjiqDqHfUCgTyqe

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://sec.windcave.com/pxmi3/logon
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "username"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy base-uri 'self';connect-src https://sec.paymentexpress.com https://sec.windcave.com 'self';default-src 'none';font-src https://sec.paymentexpress.com https://sec.windcave.com 'self';form-action https://sec.paymentexpress.com https://sec.windcave.com 'self' https://a2a.paymentexpress.com https://a2a.windcave.com;frame-ancestors 'none';frame-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:;img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:;script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' 'nonce-r2JS18Ff1W2mrpIXqP2Gyw==' ;style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' 'nonce-r2JS18Ff1W2mrpIXqP2Gyw==' ;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Security-Policy base-uri 'self';connect-src https://sec.paymentexpress.com https://sec.windcave.com 'self';default-src 'none';font-src https://sec.paymentexpress.com https://sec.windcave.com 'self';form-action https://sec.paymentexpress.com https://sec.windcave.com 'self' https://a2a.paymentexpress.com https://a2a.windcave.com;frame-ancestors 'none';frame-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:;img-src https://sec.paymentexpress.com https://sec.windcave.com 'self' data:;script-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' 'nonce-r2JS18Ff1W2mrpIXqP2Gyw==' ;style-src https://sec.paymentexpress.com https://sec.windcave.com 'self' 'unsafe-inline' 'nonce-r2JS18Ff1W2mrpIXqP2Gyw==' ;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block